data.getRequest().getSession().invalidate();
On 7/18/2012 2:32 PM, Asha N wrote:
It seems to work once after I rebuild and restart Tomcat. Any subsequent
tries, it does not work. I am not sure why. I used
data.getSession().invalidate(). I also noticed that the session id has
already changed by the time it got to that place. I am really confused as
what to do at this point. Is there any other approach I can take?
thanks,
Asha
Asha N wrote:
Hello,
We are using Turbine with Velocity, Javascript and Java and Tomcat 7 as
our server. I have a use case where the session needs to be invalidated
after a user logs in. The things that I tried are:
* Tomcat7 by default has it turned on, but it does not work. We have
another system with Spring instead. That generates a new jsessionid
without any issues.
* I tried the following code just before the user gets authenticated via:
TurbineSecurity.getAuthenticatedUser(username, password);
my code:
HttpSession session = data.getRequest().getSession(false);
if (session!=null&& !session.isNew()) {
session.invalidate();
}
data.getRequest().getSession(true);
this does not work. I still get the same sessionid.
I also tried:
data.getSession().invalidate(), but that too does not seem to work.
Any pointers or inputs are greatly appreciated.
thanks in advance,
Asha
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
